Personal point of sale

ABSTRACT

Embodiments provided herein include techniques for enabling a mobile device to communicate with smart media in a manner that can sidestep the secure element of the mobile device—and the costs associated with it. The mobile device can communicate with the smart media using near-field communication (NFC) by creating an encrypted connection with a remote computer while bypassing a secure element of the mobile device. This allows the mobile device to provide point-of-sale (POS) functionality by reading and/or writing to the smart media, without compromising the security of the smart media. Embodiments may further enable the server to provide authentication information to a third party based on the communication between the smart media and the server.

CROSS-REFERENCE TO RELATED APPLICATION

The present application is a continuation-in-part of U.S. patentapplication Ser. No. 15/071,970, filed Mar. 16, 2016, entitled “PersonalPoint of Sale,” which is a continuation of U.S. patent application Ser.No. 14/733,607, filed Jun. 8, 2015, entitled “Personal Point of Sale,”(issued as U.S. Pat. No. 9,312,923 issued Apr. 12, 2016) which is acontinuation of U.S. patent application Ser. No. 13/627,079, filed Sep.26, 2012, entitled “Personal Point of Sale,” (issued as U.S. Pat. No.9,083,486 issued Jul. 14, 2015), which claims benefit under 35 USC119(e) of 61/539,345, filed Sep. 26, 2011, entitled “MOBILE PHONE SECURETOP UP”. The entire contents of each of these applications areincorporated by reference herein for all purposes.

BACKGROUND

Many mobile devices are natively equipped to communicate usingNear-Field Communication (NFC). Other mobile devices may becomeNFC-enabled with the use of accessories, such as a sleeve, dongle, andthe like. Such NFC-enabled mobile devices may further come with a secureelement with which the mobile device may utilize encryptedcommunications, enabling the mobile device to read smart cards,radio-frequency identification (RFID) tags, and other smart media,and/or replace them altogether.

The use of the secure element in this manner, however, typically is notfree. There can be costs related to encrypted channels, licensedtechnologies, and other features of the secure element. These costs canultimately prevent a user from utilizing the NFC functionality of amobile device that takes advantage of the secure element in this manner.

BRIEF SUMMARY

Embodiments provided herein include techniques for enabling a mobiledevice to communicate with a smart media in a manner that can sidestepthe secure element of the mobile device—and the costs associated withit. The mobile device can communicate with the smart media usingnear-field communication (NFC) by creating an encrypted connection witha remote computer while bypassing a secure element of the mobile device.This allows the mobile device to provide point-of-sale (POS)functionality by reading and writing to the smart media, withoutcompromising the security of the smart media.

An example method for enabling a mobile device to communicate with asmart media, according to the disclosure, includes providing a userinterface with the mobile device where the user interface operable toreceive user input, receiving, with the mobile device, the user input,and reading information from the smart media with the mobile device. Themethod also includes establishing a secure communications link betweenthe mobile device and a remote computer. Establishing the securecommunications link can include providing at least a portion of theinformation from the smart media. The method further includes receivingencrypted data from the remote computer via the secure communicationslink, and communicating the encrypted data to the smart media.

The example method for enabling the mobile device to communicate withthe smart media can also include one or more of the following features.Communicating the encrypted data to the smart media can include writingthe encrypted data without using a secure element of the mobile device.Communicating the encrypted data to the smart media can includecommunicating with the smart media wirelessly using Near-FieldCommunications (NFC). Reading the information from the smart media canbe based on the user input. The smart media can include at least one ofa contactless smart card, a credit card, a debit card, or aradio-frequency identification (RFID) tag. The smart media can bephysically attached to the mobile device. The smart media can beadhesively coupled with the mobile device. Communicating the encrypteddata to the smart media can include changing a value stored in a memoryof the smart media. The value can be used to track usage related to atransit system. Providing the at least a portion of the information fromthe smart media can include providing an identifier of the smart media.The user input can include at least one of login information, paymentsource information, payment amount information, or an indication of aproduct or service for purchase.

An example non-transitory computer-readable medium having instructionsembedded thereon enabling a mobile device to communicate with a smartmedia, according to the disclosure, can include instructions withcomputer-executable code for providing a user interface with the mobiledevice where the user interface is operable to receive user input,receiving the user input, reading information from the smart media, andestablishing a secure communications link between the mobile device anda remote computer. Establishing the secure communications link caninclude providing at least a portion of the information from the smartmedia. The instructions can also include computer-executable code forreceiving encrypted data from the remote computer, and communicating theencrypted data to the smart media.

The example non-transitory computer-readable medium can also include oneor more of the following features. Code for communicating the encrypteddata to the smart media can include code for writing the encrypted datawithout using a secure element of the mobile device. The smart media cancomprise at least one of a contactless smart card, a credit card, adebit card, or a radio-frequency identification (RFID) tag. Thecomputer-executable code for providing the user interface can includecomputer-executable code for displaying a graphical user interface on adisplay of the mobile device. Providing the at least a portion of theinformation from the smart media can include providing an identifier ofthe smart media. The computer-executable code for receiving the userinput can include computer-executable code for receiving at least one oflogin information, payment source information, payment amountinformation, or a product or service for purchase.

Another example method for enabling a mobile device to communicate witha smart media, according to the disclosure, can include receiving, froma mobile device, identifying information regarding the smart media,determining, with a computer, an encryption key based on the identifyinginformation, and establishing a secure communications link between thecomputer and a mobile device. The secure communications link can beestablished, based on at least a portion of information read from thesmart media by the mobile device. The method can also includecommunicating encrypted data to the mobile device, via the securecommunications link, to be written on the smart media.

The example method for enabling the mobile device to communicate withthe smart media can include one or more of the following features.Determining the encryption key can include communicating with anexternal encryption engine. Encrypted data can include a value used totrack usage related to a transit system. The encrypted data can includean indication that a ticket related to the smart media is no longervalid. The method can further include receiving, from the mobile deviceat least one of login information, payment source information, paymentamount information, or an indication of a product or service forpurchase. The method can also include identifying a user account relatedto either or both of the smart media or the mobile device.

Numerous benefits are achieved over conventional techniques. Forexample, a user can update smart media using a personal mobile device,without the need to visit a specialized terminal or user servicescounter. By bypassing the secure element and utilizing smart media,techniques disclosed can help users avoid costs associated with thesecure element. Moreover, certain smart media, such as stickers, can becoupled directly to the mobile device, providing essentially the samefunctionality as the secure element, without incurring the costs.Allowing individual users to reload their own smart media also allows adistributor or transit agency to reduce the cost of maintaining its owndistribution network. These and other embodiments, along with many ofits advantages and features, are described in more detail in conjunctionwith the text below and attached figures.

BRIEF DESCRIPTION OF THE DRAWINGS

A further understanding of the nature and advantages of variousembodiments may be realized by reference to the following figures. Inthe appended figures, similar components or features may have the samereference label. Further, various components of the same type may bedistinguished by following the reference label by a dash and a secondlabel that distinguishes among the similar components. If only the firstreference label is used in the specification, the description isapplicable to any one of the similar components having the same firstreference label irrespective of the second reference label.

FIGS. 1A and 1B are simplified hardware block diagrams of embodiments ofa system for enabling a mobile device to communicate with smart media.

FIG. 2 is a simplified software block diagram a system for enabling amobile device to communicate with the smart media, according to oneembodiment in a transit system context.

FIG. 3 is a flowchart representing a method for enabling a mobile deviceto communicate data to be written on a smart media, such as acontactless smart card, according to one embodiment.

FIG. 4 is a flowchart representing a method for method for enabling amobile device to communicate with a smart media, which can be performedby a computer, according to one embodiment.

FIG. 5 simplified block diagram providing an illustration of howauthenticating the smart media (and/or the holder of the smart media)for non-transit applications can be done using components describedherein, according to one embodiment.

FIG. 6 is a flow diagram illustrating a method for enabling anelectronic device to communicate with a smart media, according to oneembodiment.

DETAILED DESCRIPTION

For the purposes of explanation, the ensuing numerous provides specificdetails are set forth in order to provide a thorough understanding ofvarious embodiments. It will be apparent, however, to one skilled in theart that various embodiments may be practiced without some of thesespecific details. For example, circuits, systems, networks, processes,and other components may be shown as components in block diagram form inorder not to obscure the embodiments in unnecessary detail. In otherinstances, known circuits, processes, algorithms, structures, andtechniques may be shown without unnecessary detail in order to avoidobscuring the embodiments. In other instances, well-known structures anddevices are shown in block diagram form.

Embodiments provided herein include techniques for enabling a mobiledevice such as mobile phones, smart phones, tablet computers, personalmedia players, laptop computers, and other portable electronic devices,to securely communicate with smart media including, but not limited to,smart cards radio-frequency identification (RFID) tags, credit cards,debit cards, tickets, and the like. The smart media—in any physical form(card, ticket, RFID, etc.)—can include a memory with information such asa unique identifier (e.g., card number, serial number, etc.) and/orother information such as an electronic purse (cash), one or moreproducts (e.g., passes), an origin and/or destination, validityparameters, and/or individual tickets, depending on the application inwhich the smart media is used (transit, transportation, event ticketing,etc.). The mobile device can communicate with the smart media usingnear-field communication (NFC) by creating an encrypted connection witha remote computer while bypassing a secure element of the mobile device.This allows the mobile device to read and write to the smart media usingstandard protocols (e.g., ISO 14443) and Internet connectivity viastandard networks (e.g. Wi-Fi 802.11, 3G, 4G, and the like), withoutcompromising the security of the smart media.

In some embodiments, the ability to read and/or write to smart media caninclude formatting and/or initializing the smart media. For example,using the techniques described herein below to read and/or write to thesmart media, a mobile device may be utilized to initialize a smart mediafor use. In so doing, the smart media may be formatted, and encryptionkeys may be written to the smart media. Such functionality canfacilitate the distribution of such smart media because the smart mediawould not have to be pre-encoded prior to delivery. Moreover, suchencoding could help ensure the smart media receives the most recentformatting and/or security key(s).

Because techniques provided herein enable a mobile device to read fromand write to smart media, the mobile device to function as a personalpoint-of-sale (POS) device to a user. The POS device can conductpoint-of-sale transactions such as the sale of a product or service,ticket validation (e.g., debit a value from the smart media and/orcancel a ticket), and the like. For example, a user may use the mobiledevice to both purchase a product and update the smart media accordinglyto reflect the purchase.

FIG. 1A is a simplified hardware block diagram of a first embodiment100-1 of a system for enabling a mobile device 120-1 to communicate withthe smart media. In this embodiment, the mobile device 120-1 utilizesnative NFC capabilities to read and write to a contactless smart card105 (or other smart media). It will be understood that the firstembodiment 100-1 is provided as an example. Other embodiments of an IC100 may include more, less, and/or different components, depending ondesired functionality.

In this first embodiment 100-1, the mobile device 120-1 can include anNFC transceiver with modulation 126 and demodulation 128 circuitryenabling the mobile device 120-1 to establish a contactlesscommunication link 117 with a contactless smart card 105 via an NFCantenna 122. The contactless smart card 105 (and/or other smart media)can include an antenna loop 115 and circuitry 112 to store informationand communicate via contactless communication link 117. In someembodiments, the contactless smart card 105 and/or other smart media cancommunicate using ISO 14443 standards, and may be induction and/orbattery powered.

The mobile device 120-1 also can include a secure element 130. Incertain applications, the secure element 130 can be utilized to emulatecards, RFID tags, and/or other smart media with card emulation 133,communicating information via the NFC transceiver 125. The secureelement 130 can offer encrypted communications and secure channels tohelp keep sensitive information (e.g., credit card and/or other accountinformation, personal data, etc.) from being compromised. However, asindicated above, it can cost a user to utilize the secure element inthis manner. Thus, embodiments can bypass the secure element 130 toallow a user to use a contactless smart card 105 (and/or other smartmedia) and avoid the costs associated with the secure element 130. Asdescribed in more detail below, communication with the smart media canstill be encrypted by, for example, a central computer host 175, inwhich case the mobile device 120-1 can simply relay encryptedinformation between the contactless smart card 105 and the centralcomputer host 175. That said, some embodiments may utilize the secureelement 130.

In this first embodiment 100-1, the mobile device 120-1 includes othercomponents, such as a central processing unit (CPU) 140, input device(s)135, and subscriber identity module (SIM) card 145. Among other things,the SIM card 145 can be used to identify the mobile device 120-1 and/ora related user to the central computer host 175. Input device(s) 135 canbe utilized to enable a user to provide input in any of a variety ofways. For example, the input device(s) 135 can include a touch screen,button(s), microphone, camera, and the like. In some embodiments,depending on the model of the mobile device 120-1 and mobile carriernetwork 160, the secure element 130 may be present as either embedded inthe mobile phone hardware and/or firmware, embedded in the subscriberidentity module (SIM) card 145, and/or included in a separate formfactor, such as micro SD card.

The CPU 140 can be used to process information and coordinate thefunctionality of the various components of the mobile device 120-1. TheCPU 140 can include one or more general-purpose processors and/or one ormore special-purpose processors (such as digital signal processingchips, graphics acceleration processors, microprocessors, and/or thelike). The CPU may be configured to execute one or more computerprograms stored, for example, on a computer-readable storage medium (notshown), or memory, such as a disk drive, a drive array, an opticalstorage device, a solid-state storage device, such as a random accessmemory (“RAM”), and/or a read-only memory (“ROM”), which can beprogrammable, flash-updateable, and/or the like. Such storage devicesmay be configured to implement any appropriate data stores, includingwithout limitation, various file systems, database structures, and/orthe like. Moreover, the computer-readable storage medium can beremovable, incorporated into the mobile device 120-1, and/orcommunicatively coupled with the mobile device 120-1 via a communicationinterface.

The mobile device 120-1 can communicate with one or more communicationnetworks via one or more antenna(s) 150. Such communication networks caninclude a mobile carrier network (e.g., cell phone service via cellphone tower 155), the Internet 170 (via Wi-Fi access point 165), and/orother networks. In the first embodiment 100-1 of FIG. 1A, the mobiledevice is able to gain access to the Internet 170 via either or both ofa Wi-Fi access point 165 or a mobile carrier network 160. The Internet170, in turn, provides the mobile device 120-1 access to the centralcomputer host 175. In other embodiments, other forms of wireless and/orwired communication can be utilized, depending on desired functionality.

The central computer host 175 can comprise one or more computersconfigured to manage and/or update smart media, such as the contactlesssmart card 105. To this end, it can manage and/or access one or moreencryption key(s) associated with each smart media. In some embodiments,such as the first embodiment 100-1 of FIG. 1A, encryption keys may bestored externally in an encryption engine 180 such as a separatecomputer and/or a specialized encryption hardware.

In this first embodiment 100-1, the contactless smart card 105 can bewritten to as follows. A user may bring contactless smart card 105within a range of the mobile device 120-1 sufficient to activate thecontactless smart card 105 and start an initial communication betweenthe mobile device 120-1 and the contactless smart card 105. The user mayactivate a software application executed by the mobile device 120-1before doing so. The software application can, for example, enable auser to perform various point-of-sale transactions such as load value tothe electronic purse, purchase a product and/or validate a ticket,deliver an electronic benefit (e.g., debit a card and/or inactivate orcancel a ticket, inactivate and/or cancel the card, deliver a monthlyemployer transit benefit, etc.), in which data of the contactless smartcard 105 is to be updated accordingly. In some embodiments, the softwareapplication can perform functions that do not necessarily result inupdating a value on the card. For example, the software application canperform enforcement actions in which a value and/or other information isread from a card to ensure fare compliance. To complete a transactioninvolving reading and/or writing to the contactless smart card 105, thesoftware application can prompt the user to bring contactless smart card105 within a range of the mobile device 120-1 (e.g., tap the contactlesssmart card 105 to the mobile device 120-1).

During the initial communication, the mobile device 120-1 can readcertain unsecure information from the contactless smart card 105, suchas a serial, card, and/or account number; a name of a user associatedwith the contactless smart card 105; and the like. The mobile device120-1 then can connect with the central computer host 175 via theInternet 170, using a data connection provided by the mobile carriernetwork 160, Wi-Fi access point 165, and/or another communication meanswith the Internet. In some embodiments, the user may input identifyinginformation (e.g., login ID, password, etc.) using input device(s) 135,which can be used to establish an authenticated connection with thecentral computer host 175.

Using the serial number and/or other information provided by the mobiledevice 120-1, the central computer host can then establish a securecommunications link with the mobile device. Information communicated viathe secure communications link can be encrypted using one or moreencryption keys associated with the contactless smart card 105. Theencryption may take place in the central computer host using locallystored keys 175 and/or take place in the external encryption engine 180.

The encrypted information from the central computer host 175 can be sentto the contactless smart card 105 and used to update secure informationof the contactless smart card 105. The mobile device 120-1 may not haveencryption keys to decrypt the encrypted information. Instead the mobiledevice 120-1 can write to the contactless smart card by transparentlypassing the encrypted information along to the contactless smart card,bypassing the secure element 130 and simply modulating the encryptedinformation with the NFC transceiver 125 in accordance with related NFCprotocols. The contactless smart card 105 can then update secureinformation stored in memory using the encrypted information. Thecontactless smart card 105 can then communicate to the mobile device120-1 and/or central computer host 175 using encrypted and/ornon-encrypted data to indicate whether the memory has been successfully(or unsuccessfully) updated.

FIG. 1B is a simplified hardware block diagram of a second embodiment100-2 of a system for enabling a mobile device 120-1 to communicate withthe smart media. The second embodiment 100-2 of FIG. 1B is similar tothe first embodiment 100-1 of FIG. 1A. Here, however, a second mobiledevice 120-2 without native NFC capability is used. Instead, the mobiledevice 120-2 is given NFC capabilities by an external NFC module 190,such as a mobile device sleeve or dongle, which includes some or all ofthe NFC-related components.

The mobile device 120-2 and external NFC module 190 can becommunicatively coupled using respective input/output (I/O) connectors193. The mobile device's I/O connector 193-2 can include a generic orspecialized interface, such as a serial port, mini universal serial port(USB), parallel port, and the like, and the external NFC module's I/Oconnector 193-1 can include a port configured to communicate with themobile device's I/O connector 193-2.

It will be understood that the embodiments provided in FIGS. 1A and 1B,as well as other embodiments detailed herein, are provided asnon-limiting examples, that may not include every component for eachembodiment. The external NFC module, for example, may include aprocessing unit, memory, and/or other subcomponents. The contactlesssmart card 105 can be replaced with any of a variety of smart media,including credit and/or debit cards, RFID tags, and the like. Moreover,the smart media may be physically attached to the mobile device 120and/or external NFC module 190 (e.g., as a sticker or other itemadhesively coupled to the mobile device). The central computer host 175and/or encryption engine 180 may be a cloud-based and/or networkedsystem of computers. Embodiments may also include using card emulation133 in addition or as an alternative to smart media, and/or the user ofan external card reader in addition or as an alternative to the externalNFC module 190. A person of ordinary skill in the art will recognizemany additions, substitutions, and other variations.

FIG. 2 is a simplified software block diagram a system 200 for enablinga mobile device to communicate with the smart media, according to oneembodiment in a transit system context. That said, the componentsdepicted in FIG. 2 may be implemented in a variety of combinations ofhardware and software, some of which (such as the contactless smart card210, mobile device 220, and central computer 250) may correspond withcomponents depicted in FIGS. 1A and/or 1B. As with other figuresprovided herein, the system 200 shown in FIG. 2 is provided as anon-limiting example.

In this system 200, the contactless smart card 210 can include an RFinterface 203, controller 207, memory controller 205 memory 215, andencryption engine 213. The encryption engine 213 can store, generate,and/or manage one or more encryption key(s) to help ensure sensitiveinformation stored in memory 215 is not communicated via the RFinterface 203 without proper encryption. The memory can storeinformation such as a value, counter, product, and the like, that may beused in one or more of a variety of applications, such as transit fare,event ticketing, payment systems, etc. Different blocks of memory may beencrypted with different keys and have different access conditions.Furthermore, components of the contactless smart card 210 can furtherensure that only authorized entities are provided read and/or writeaccess to memory 215.

Mobile device 220 can include memory 227, communication interface 225,point-of-sale (POS) application 235, secure device identification 237,and user interface 238, each of which can communicate with, beintegrated into, and/or be managed by mobile operating system (OS) 230.In some embodiments, such as those in which an external NFC module 270is not utilized, the mobile device can include an RF interface 223. Themobile OS 230 and/or other applications can be stored in memory 227 andexecuted by the mobile device, for example, upon device startup or uponreceiving certain user input and/or detecting other triggering events.

The POS application 235 can be an application executed by the mobiledevice 220 with which the user may initiate various point-of-salefunctions related to the contactless smart card 210. In a transitcontext, for example, such functions can include purchasing a newproduct or service (e.g., a 20-ride pass, month-long pass, etc.) and/orvalidating a ticket (e.g., debiting a card and canceling a ticket). ThePOS application 235 can be evoked by user input (e.g., pressing a linkof a user interface 238 shown on a touchscreen display of the mobiledevice 220) and/or when the mobile device 220 detects the contactlesssmart card 210. The POS application 235 also can receive input, such asa login ID, password, and/or other identifier, to send to a centralcomputer 250, which may be used to identify a user and/or establish asecure connection between the mobile device 220 and the central computer250.

The operation of POS application 235 may vary, depending on desiredfunctionality. For example, a user may execute the POS application 235on a personal mobile device 220 to initiate point-of-sale functionsrelated to a contactless smart card 210. Additionally or alternatively,the POS application 235 may be used by an agent and/or vender toinitiate point-of-sale functions related to the contactless smart card210 of a customer. In either case, and in other scenarios, the securedevice identification 237 (which can be related to a SIM card 145 ofFIGS. 1A and 1B) can identify the mobile device 220 to the back-endsystem 240 for tracking and/or login purposes. In some embodiments, thePOS application 235 can be a client program that communicativelyconnects with a server program executed by the central computer 250. Insome embodiments, the POS application may be a browser-based programthat enables users to initiate point-of-sale functions via a web portal.

The RF interface 223 of the mobile device 220 can include an NFCtransceiver and/or antenna that enables the mobile device 220 tocommunicate with the contactless smart card 210. Additionally oralternatively, as shown in FIG. 1B, NFC and/or other wirelessfunctionality may be provided by an external NFC module 270. Inembodiments in which an external NFC module 270 is utilized, the mobiledevice 220 can include an external NFC module library 239, enabling themobile operating system 230 to communicate with and/or manage any of avariety of external NFC modules 270, which can be manufactured by thirdparties. The external NFC module library 239 can communicate with theexternal NFC module via an I/O expansion module 233 of the mobile device220.

In addition to the central computer 250, the back-end system 240 caninclude a variety of additional components, depending on desiredfunctionality. Components can include an external encryption engine 245(which may have a master key, as indicated), one or more terminalcomputer(s) 247, connection to a banking system 253, and fare collectionsoftware 260 that communicates with a user database and hotlists 263,fare tables 265, and/or card database 267. Terminal computer(s) 247 canbe any of a variety of machines or devices (computers, vending machines,etc.) that can provide point-of-sale and/or other functionality relatedto the transit system. As discussed earlier, components shown in FIG. 2may be utilized in a transit system, but components may vary dependingon application. A person having ordinary skill in the art will recognizemany substitutions, alterations, and variations.

The mobile device 220 can communicate with the back-end system 240 viarespective communication interfaces 225 and 243. As indicatedpreviously, the central computer 250 can utilize information from themobile device 220 to identify the mobile device 220 and/or a userassociated with the mobile device 220. For example, a transit system maybe an account-based system in which users can create accounts that aremaintained by fare collection software 260 and stored in the userdatabase and hotlists 263. An account-based system can enable thetransit system to store payment information (e.g., credit cardinformation, bank account, transit benefit account) associated with auser in the card database 267 and/or user database and hotlists 263. Inthis manner, the mobile device 220 may not need to communicate paymentinformation to the central computer 250. Rather, the central computer250 can use payment information stored in the card database 267 andassociated with a user in the user database and hotlists 263 and/or userdatabase and hotlists 263 to pay for a product or service requested by auser using the mobile device 220.

The back-end system can process payments by utilizing a connection to abanking system 253. Payments may be processed periodically in batches,or may be processed in real- or near-real time. Moreover, the centralcomputer 250 can communicate information to the mobile device 220indicating whether a payment was successfully made. Depending on theproduct or service requested by a user via the mobile device 220, thecentral computer 250 can gather information from the fare tables 265(e.g., to calculate a fare) and/or card database (e.g., to verify and/orauthenticate a contactless smart card) via the fare collection software260 to calculate an amount of payment and/or a value to add, deduct, orwrite to the contactless smart card 210.

What is written to the contactless smart card 210 can vary, depending ondesired functionality. For example, in addition or as an alternative tothe account-based system described above, the system can provide forwriting one or more secure token(s) to the contactless smart card 210(or other smart media) without requiring the need for separate farepayment. With regards to bank cards, such as credit and/or debit cards,this information may be written to a scratch pad (i.e., unused portionof memory) of the bank card, thereby enabling the bank card to beutilized as a fare token, ticket, and/or other media, depending on theapplication.

FIG. 3 is a flowchart representing a method 300 for enabling a mobiledevice to communicate data to a smart media, such as a contactless smartcard, according to one embodiment. The method, which can be executed bythe mobile device, can begin at block 310, where a user interface isprovided, where the user interface is operable to receive a user input.As discussed previously, the user interface can include a graphical userinterface on a display of the mobile device. User input may be receivedin any of a variety of ways, depending on desired functionality andhardware capabilities of the device. For example, user input can bereceived via buttons, a keypad, touchscreen, microphone, camera, motionsensors, and the like.

At block 320, the user input is received. User input can include any ofa variety of information, such as login information, payment sourceinformation (e.g., credit card information, debit card information,etc.), payment amount information, an indication of a product or servicefor purchase, and the like. The user input may also indicate and/ordepend on a desired point-of-sale transaction the user wishes to make onthe mobile device.

At block 330, information is read from the smart media. The informationread from the smart media can include a card number, serial number,and/or other identifier, which may be used to help identify the smartmedia to a central computer. The information read from the smart mediamay be data that is not encrypted and/or secured, and thereforeaccessible to the mobile device without the user of encryption keys. Theinformation read from the card may also depend on the input receivedfrom the user. For example, an indication that a certain point-of-saletransaction is desired may cause the mobile device to read a serialnumber from the smart media to provide to a central computer.

At block 340, at least a portion of the information is provided toestablish a secure communication link with a remote computer. Forexample, the mobile device may provide a unique manufacturer serialnumber or other identifier of the smart media to a remote computer. Theremote computer can then use a card database, encryption engine, and/orthe like to determine one or more encryption key(s) to use to establisha secure communications link. Other information, such as user logininformation, mobile device identification information, etc., may also beused to establish the secure communications link.

At block 350, encrypted data is received via the secure communicationslink. As indicated previously, the mobile device may not decrypt theencrypted data. Instead, at block 360, the encrypted data may be writtento the smart media. The mobile device may do so by simply sending theencrypted data to the smart media with no decryption. In so doing, themobile device may bypass a secure element. Bypassing the secure elementmay be done by utilizing a specific operating system procedure, whichmay depend on the mobile device.

FIG. 4 is a flowchart representing a method 400 for method for enablinga mobile device to communicate with a smart media, which can beperformed by a computer of a back-end system (such as the centralizedcomputer host 175 of FIGS. 1A and 1B, and/or the central computer 250 ofFIG. 2). The method 400 of FIG. 4 can be performed, for example, by acomputer in communication with a mobile device performing the method 300of FIG. 3.

At block 410, identifying information regarding the smart media isreceived. The identifying information can include a card number, serialnumber, and/or other identifier of the smart media. Additionally oralternatively, identifying information can include user identificationinformation, such as a username, password, account ID, discount status(senior), transit balance, etc. The information can be verified againstdata in a database or otherwise stored in a memory, local to or remotefrom the computer. Other information, such as login information, paymentsource information, payment amount information, and/or an indication ofa product or service to purchase, may also be received.

At block 420, an encryption key is determined. In some embodiments, theencryption key can be determined by utilizing, for example, a lookuptable that associates identifying information regarding the smart mediawith an encryption key. In some embodiments, determining the encryptionkey may include communicating with an external encryption engine. Asindicated previously, a master key and/or multiple encryption keys maybe used. The keys can be diversified, based on the serial number of thesmart card and the master key.

At block 430, a secure communications link is established. The securecommunications link, which can be established between the computer andthe mobile device, can be based on at least a portion of informationread from the smart media by the mobile device. For example, encryptionof the secure communications link can utilize an encryption keyassociated with an identifier read from the smart media.

At block 440, encrypted data is communicated via the securecommunication link. The encrypted data can include any of a variety ofdata, which can be written to the smart media. For example, theencrypted data can include a value (e.g., a counter, monetary value,credit value, etc.) used to track the smart media's usage in a transitsystem. Additionally or alternatively, for ticket validation, suchencrypted data can include an indication that a ticket related to thesmart media has been used and/or is otherwise no longer valid.

It should be appreciated that the specific steps illustrated in FIGS.3-4 provide example flowcharts illustrating embodiments of methods forenabling a mobile device to communicate with a smart media. Alternativeembodiments may include alterations to the embodiments shown. Forexample, alternative embodiments may include reading and/or writinginformation to and/or from the smart media at different times.Furthermore, additional features may be added or removed depending onthe particular applications. One of ordinary skill in the art wouldrecognize many variations, modifications, and alternatives.

Techniques described herein above for establishing a communication linkbetween the contactless smart card and a remote computer may further beutilized for authenticating the smart media (and/or the holder of thesmart media) for non-transit applications, such as loyalty programsand/or other applications in which authentication of a contactless smartcard can be utilized for any of a variety of functions.

FIG. 5 is a simplified block diagram providing an illustration of howthis can be utilized using components described herein. Here, componentsinclude a contactless smartcard 105, mobile device 120, Internet 170,and central host computer 175, all of which are similar to correspondingcomponents illustrated in FIGS. 1A, 1B, and 2. Additionally, however,FIG. 5 includes a third party system 510 that is also connected to theInternet 170. It should be known that additional or alternativenetworks, other than the Internet 170, may be utilized depending ondesired functionality. Moreover, embodiments may substitute a mobiledevice 120 with another electronic device, which may or may not be“mobile.”

As indicated previously, the contactless smartcard 105, mobile device120, and central host computer 175, can be utilized as described hereinabove to establish a connection between the contactless smartcard 105and the central host computer 17. In so doing, the central host computer175 may validate and/or authenticate the contactless smartcard 105 andprovide authentication information to the third party system 510. Thethird party system 510 can be an application or server maintained by athird party that may include a database that logs authenticationinformation provided to the third party system 510 by the central hostcomputer 175. Depending on desired functionality, the third-party canutilize this authentication information in any of a variety of ways.

Loyalty programs are an example of how a third party may utilize theauthentication provided by the central host computer 175. For example,the third-party system 510 may be a backend server of a coffee shopchain that, due to an agreement between the third-party and a transitsystem, may provide loyalty points for users of the transit system. Inthis example, the contactless smartcard 105 may serve as a transit faremedia with which a user can gain access to services (e.g., transitrides) in the transit system. If a user enters a coffee shop of thethird party's coffee shop chain, techniques herein can be utilized toestablish a secure link between the contactless smartcard 105 and thecentral host computer 175. Here, the mobile device 120 may be apoint-of-sale (POS) unit within the coffee shop. The central hostcomputer 175 can authenticate the contactless smartcard 105 and providedetails of this authentication to the third party system 510. Thethird-party system 510 can then credit an account of the user withloyalty points in accordance with a loyalty program of the third partybased upon business rules and algorithms that are determined by thatloyalty program. Additionally or alternatively, the central hostcomputer 175 can provide the mobile device 120 (the POS) or other devicemaintained by the third party with information regarding theauthentication. This may enable the mobile device 120 to provide rewardsto the user while the user is performing a transaction at the POS.

In another example, the contactless smartcard 105 may be authenticatedby a central host computer 175 to serve as a library card where thethird party system 510 is a server maintained by library. In thisexample, the contactless smartcard 105, once authenticated, can serve asa library card. When the contactless smartcard 105 is presented at amobile device 120 (e.g., a checkout terminal at the library), thecentral host computer 175 may provide user information (e.g., a nameand/or account identifier) to the third party system 510, which can thenlink transactions made by the contactless smartcard 105 to an accountmaintained by the library.

These techniques may be utilized in other applications as well. Inaddition to loyalty and library programs, for example, these techniquesmay be utilized to authenticate users in student programs, seniorprograms, other ticket-based venues (concerts, sporting events, etc.),or any other program in which authentication can be utilized.

The information provided by the central host computer 175 could includeany of a variety of data, depending on desired functionality. Thisauthentication information can be determined by business rulesimplemented by the central host computer 175. These business rules maybe determined by the third party and may be triggered based on dataprovided by the mobile device, a determined location of the mobiledevice, an application executed by the mobile device, as the like. Insome embodiments, for example, the central host computer 175 may simplyindicate that the contactless smartcard 105 is valid or active. Theauthentication may further include additional information such as useridentification information, whether the contactless smartcard 105 hasbeen used in the transit system within a certain time period, afrequency of use, a type of transit product associated with thecontactless smartcard 105 or a corresponding user's account, a locationof use, and the like.

FIG. 6 is a flow diagram illustrating a method 600 for enabling anelectronic device to communicate with a smart media, according to oneembodiment. Any or all of the functions illustrated in the method 600can be performed, for example, by a central host computer 175. As withother figures provided herein, FIG. 6 is not meant to be limiting. Aperson having ordinary skill in the art will recognize alternativeembodiments may implement variations to the embodiment illustrated inFIG. 6.

The method can begin at block 610, by receiving information read fromthe smart media by the electronic device, the information includingidentifying information regarding the smart media. Information read fromthe smart media may include any of a variety of identifying information,such as an account number, a user identification code, an ID number orserial number of the smart media, or the like. As indicated previously,initial information received from the smart media may not be encrypted.

At block 620, a secure communications link between the electronic deviceand the server is established. This can be done using the techniquesdescribed previously herein. For example, it may involve determining anencryption key so that communication between the smart media and theserver can be secure. As noted previously, the electronic device may notdecrypt this communication, but may instead simply pass the encryptedcommunication between the smart media and the server.

The functionality at block 630 involves conducting a transaction betweenthe server and the smart media via the secure communications link. Sucha transaction can include any transaction previously described herein inother embodiments. This transaction may involve writing encrypted datato the smart media, reading additional information from the smart media,and/or other functions.

The functionality at block 640 involves determining a third partyrelated to the transaction. The server may make this determination basedon information received from the electronic device and/or the smartmedia. For example, the electronic device may provide informationindicative of a managing entity, a location, a transaction type, and/orother type of information with which a third party may be identified.Additionally or alternatively, the smart media itself may provideinformation such as an identification code, name, or other data, whichmay be read from the smart card by the electronic device and provided toa server.

This information may be used to determine relevant business rulesrelated to the third party. These business rules can include rules thatmay be specific to the third party such as, for example, an indicationof what authentication information to send to the third party, a deviceor devices to which the information is to be sent, protocols and/orother technical information related to the sending of data, and thelike.

At block 650, in response to determining the third party related to thetransaction, authentication information is sent to a device associatedwith the third party. As indicated previously, the device may be theelectronic device facilitating the communication between the smart mediaand the server, or it may be a separate device, such as a server orother third-party system, as described previously.

Embodiments may implement any of a variety of additional or alternativefeatures, depending on desired functionality. For example, someembodiments may include communicating encrypted data to the smart mediavia the secure communications link by writing the encrypted data suchthat a secure element of the mobile device is not used. In someembodiments, the authentication information may comprise an indicationthat the smart media is valid or active, and/or one or more of useridentification information, an indication of when the smart media waslast used in a transit system, a frequency of use of the smart media, atype of transit product associated with the smart media or acorresponding user's account, or a location of use of the smart media,or any combination thereof.

In the foregoing description, for the purposes of illustration, methodswere described in a particular order. It should be appreciated that inalternate embodiments, the methods may be performed in a different orderthan that described. It should also be appreciated that the methodsdescribed above may be performed by hardware components and/or may beembodied in sequences of machine-readable instructions, such asprogramming code, which may be used to cause a machine, such as ageneral-purpose or special-purpose processor or logic circuitsprogrammed with the instructions to perform the methods. Thesemachine-readable and/or computer-readable instructions may be stored onone or more non-transitory storage mediums, such as CD-ROMs or othertype of optical disks, floppy diskettes, ROMs, RAMs, EPROMs, EEPROMs,magnetic or optical cards, flash memory, or other types ofmachine-readable storage mediums suitable for storing electronicinstructions.

With this understanding, embodiments may be implemented by hardware,software, firmware, middleware, microcode, hardware descriptionlanguages, or any combination thereof. When implemented in software,firmware, middleware or microcode, the program code or code segments toperform the necessary tasks may be stored in a machine-readable storagemedium, such as those described above. A processor(s) may perform thenecessary tasks.

Embodiments provided herein are examples only, and is not intended tolimit the scope, applicability, or configuration of the disclosure.Rather, the ensuing description of the embodiments will provide thoseskilled in the art with an enabling description for implementing one ormore embodiments. It should be understood that various changes may bemade in the function and arrangement of elements without departing fromthe spirit and scope of the disclosed systems and methods as set forthin the appended claims.

While illustrative and presently preferred embodiments of the disclosedsystems, methods, and devices have been described in detail herein, itis to be understood that the inventive concepts may be otherwisevariously embodied and employed, and that the appended claims areintended to be construed to include such variations, except as limitedby the prior art.

What is claimed is:
 1. A method for enabling an electronic device tocommunicate with a smart media, the method comprising: receiving, with aserver, information read from the smart media by the electronic device,the information including identifying information regarding the smartmedia; establishing a secure communications link between the electronicdevice and the server, wherein the establishing the securecommunications link comprises encrypting data communicated via thesecure communications link using an encryption key for the smart mediasuch that a secure element of the electronic device is not used;conducting a transaction between the server and the smart media via thesecure communications link; determining, with the server, a third partyrelated to the transaction; and in response to determining the thirdparty related to the transaction, sending, from the server,authentication information to a device associated with the third party.2. The method for enabling the electronic device to communicate with thesmart media of claim 1, further comprising communicating encrypted datato the smart media via the secure communications link by writing theencrypted data such that a secure element of the electronic device isnot used.
 3. The method for enabling the electronic device tocommunicate with the smart media of claim 1, wherein authenticationinformation comprises an indication that the smart media is valid oractive.
 4. The method for enabling the electronic device to communicatewith the smart media of claim 1, wherein the authentication informationcomprises one or more of: user identification information, an indicationof when the smart media was last used in a transit system, an indicationof where the smart media was last used in a transit system, anindication of how the smart media was last used in a transit system, afrequency of use of the smart media, a type of transit productassociated with the smart media or a corresponding user's account, or alocation of use of the smart media, or any combination thereof.
 5. Themethod for enabling the electronic device to communicate with the smartmedia of claim 1, wherein the device associated with the third party isthe electronic device.
 6. The method for enabling the electronic deviceto communicate with the smart media of claim 1, wherein determining,with the server, the third party related to the transaction is based oninformation provided by the electronic device.
 7. A non-transitorycomputer-readable medium having instructions embedded thereon forenabling an electronic device to communicate with a smart media, theinstructions including computer-executable code for: receivinginformation read from the smart media by the electronic device, theinformation including identifying information regarding the smart media;establishing a secure communications link between the electronic deviceand a server, wherein the establishing the secure communications linkcomprises encrypting data communicated via the secure communicationslink using an encryption key for the smart media such that a secureelement of the electronic device is not used; conducting a transactionbetween the server and the smart media via the secure communicationslink; determining a third party related to the transaction; and inresponse to determining the third party related to the transaction,sending authentication information to a device associated with the thirdparty.
 8. The non-transitory computer-readable medium of claim 7,wherein the instructions further comprise computer code forcommunicating encrypted data to the smart media via the securecommunications link by writing the encrypted data such that a secureelement of the electronic device is not used.
 9. The non-transitorycomputer-readable medium of claim 7, wherein the instructions furthercomprise computer code for providing authentication informationcomprising an indication that the smart media is valid or active. 10.The non-transitory computer-readable medium of claim 7, wherein theinstructions further comprise computer code for providing authenticationinformation comprising one or more of: user identification information,an indication of when the smart media was last used in a transit system,an indication of where the smart media was last used in a transitsystem, an indication of how the smart media was last used in a transitsystem, a frequency of use of the smart media, a type of transit productassociated with the smart media or a corresponding user's account, or alocation of use of the smart media, or any combination thereof.
 11. Thenon-transitory computer-readable medium of claim 7, wherein theinstructions further comprise computer code for determining the thirdparty related to the transaction based on information provided by theelectronic device.
 12. A server for enabling an electronic device tocommunicate with a smart media, the server comprising: a communicationsinterface; and a processing unit communicatively coupled with thecommunications interface and configured to cause the server to: receive,via the communications interface, information read from the smart mediaby the electronic device, the information including identifyinginformation regarding the smart media; establish, via the communicationsinterface, a secure communications link between the electronic deviceand the server, wherein the establishing the secure communications linkcomprises encrypting data communicated via the secure communicationslink using an encryption key for the smart media such that a secureelement of the electronic device is not used; conduct a transactionbetween the server and the smart media via the secure communicationslink; determine a third party related to the transaction; and inresponse to determining the third party related to the transaction,send, via the communications interface, authentication information to adevice associated with the third party.
 13. The server for enabling theelectronic device to communicate with the smart media of claim 12,wherein the processing unit is further configured to cause the server tocommunicate encrypted data to the smart media via the securecommunications link by writing the encrypted data such that a secureelement of the electronic device is not used.
 14. The server forenabling the electronic device to communicate with the smart media ofclaim 12, wherein the processing unit is further configured to include,in the authentication information, an indication that the smart media isvalid or active.
 15. The server for enabling the electronic device tocommunicate with the smart media of claim 12, wherein the processingunit is further configured to include, in the authenticationinformation, one or more of: user identification information, anindication of when the smart media was last used in a transit system, anindication of where the smart media was last used in a transit system,an indication of how the smart media was last used in a transit system,a frequency of use of the smart media, a type of transit productassociated with the smart media or a corresponding user's account, or alocation of use of the smart media, or any combination thereof.
 16. Theserver for enabling the electronic device to communicate with the smartmedia of claim 12, wherein the processing unit is further configured tocause the server to base the determination of the third party related tothe transaction on information provided by the electronic device.